From 6657388851ae6a36c6baa28d014edef6e5004954 Mon Sep 17 00:00:00 2001 From: Kanani Nirav Date: Wed, 9 Oct 2024 22:00:14 +0900 Subject: [PATCH] [Modify/Add] Add EC2 Notes --- README.md | 2 + sections/cloud_computing.md | 40 ++-- sections/ec2.md | 358 ++++++++++++++++++++++++++++++++++++ 3 files changed, 380 insertions(+), 20 deletions(-) create mode 100644 sections/ec2.md diff --git a/README.md b/README.md index 437846e..3b0b4da 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,8 @@ - What is Cloud Computing?, AWS Global Infrastructure, Shared Responsibility Model - [IAM: Identity Access & Management](./sections/iam.md) - What Is IAM?, Multi Factor Authentication - MFA, MFA devices options in AWS, How can users access AWS ?, What’s the AWS CLI?, What’s the AWS SDK? +- [EC2: Virtual Machines](./sections/ec2.md) + - What is Amazon EC2?, Introduction to Security Groups, Classic Ports to know, EC2 Instance Launch Types, Which purchasing option is right for me?, Shared Responsibility Model for EC2 ## Practice Exams ( dumps ) diff --git a/sections/cloud_computing.md b/sections/cloud_computing.md index 08bc7db..ac7add6 100644 --- a/sections/cloud_computing.md +++ b/sections/cloud_computing.md 
@@ -34,12 +34,12 @@ Cloud computing is the on-demand delivery of compute power, database storage, ap ### The Deployment Models of the Cloud -| **Private Cloud** | **Public Cloud** | **Hybrid Cloud** | -|----------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| Cloud services used by a single organization, not exposed to the public. | Cloud resources owned and operated by a third-party cloud service provider, delivered over the Internet. | Keep some servers on-premises and extend some capabilities to the cloud. | -| Complete control over data, security, and compliance. | Cost-effective as infrastructure is shared among multiple users. | Allows data and applications to be shared between private and public clouds. | -| Security for sensitive applications, ideal for critical workloads. | Suitable for less sensitive workloads that require high scalability and availability. | Offers flexibility, security, and scalability for different use cases. | -| Meet specific business needs and compliance requirements. | No maintenance required as the cloud provider manages the infrastructure. | Provides business continuity, disaster recovery, and data backup solutions. | +| **Private Cloud** | **Public Cloud** | **Hybrid Cloud** | +| ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | +| Cloud services used by a single organization, not exposed to the public. | Cloud resources owned and operated by a third-party cloud service provider, delivered over the Internet. | Keep some servers on-premises and extend some capabilities to the cloud. 
| +| Complete control over data, security, and compliance. | Cost-effective as infrastructure is shared among multiple users. | Allows data and applications to be shared between private and public clouds. | +| Security for sensitive applications, ideal for critical workloads. | Suitable for less sensitive workloads that require high scalability and availability. | Offers flexibility, security, and scalability for different use cases. | +| Meet specific business needs and compliance requirements. | No maintenance required as the cloud provider manages the infrastructure. | Provides business continuity, disaster recovery, and data backup solutions. | ### The Five Characteristics of Cloud Computing 
@@ -66,11 +66,11 @@ Cloud computing is the on-demand delivery of compute power, database storage, ap ### Types of Cloud Computing -| **Infrastructure as a Service (IaaS)** | **Platform as a Service (PaaS)** | **Software as a Service (SaaS)** | -|-------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|------------------------------------------------------------------------| -| Provides virtualized computing resources over the internet (e.g., AWS EC2). | Provides a platform allowing customers to develop, run, and manage applications (e.g., AWS Elastic Beanstalk). | Provides software applications over the internet on a subscription basis (e.g., AWS Chime). | -| Offers maximum control over the infrastructure. | Focus on deploying applications without managing underlying infrastructure. | Accessible over the internet, usually via a web browser. | -| Suitable for developers needing control over OS, middleware, and runtime. | Ideal for developers who want to focus on application development. | Suitable for users needing access to software without infrastructure management. | +| **Infrastructure as a Service (IaaS)** | **Platform as a Service (PaaS)** | **Software as a Service (SaaS)** | +| --------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | +| Provides virtualized computing resources over the internet (e.g., AWS EC2). | Provides a platform allowing customers to develop, run, and manage applications (e.g., AWS Elastic Beanstalk). | Provides software applications over the internet on a subscription basis (e.g., AWS Chime). | +| Offers maximum control over the infrastructure. 
| Focus on deploying applications without managing underlying infrastructure. | Accessible over the internet, usually via a web browser. | +| Suitable for developers needing control over OS, middleware, and runtime. | Ideal for developers who want to focus on application development. | Suitable for users needing access to software without infrastructure management. | ### Example of Cloud Computing Types @@ -85,10 +85,10 @@ Cloud computing is the on-demand delivery of compute power, database storage, ap AWS follows three fundamental pricing principles based on the pay-as-you-go pricing model: -| **Fundamental** | **Description** | -|---------------------|-------------------------------------------------------------------------------------------------| -| **Compute** | Pay for the compute time you consume. Examples include EC2 instance hours or Lambda invocation duration. | -| **Storage** | Pay for the amount of data stored in the cloud. Examples include S3 storage space and EBS volume usage. | +| **Fundamental** | **Description** | +| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Compute** | Pay for the compute time you consume. Examples include EC2 instance hours or Lambda invocation duration. | +| **Storage** | Pay for the amount of data stored in the cloud. Examples include S3 storage space and EBS volume usage. | | **Data Transfer OUT** | Pay for data transfer out of the cloud. Data transfer IN is free. This pricing structure solves the issue of expensive data transfer fees in traditional IT systems. | ### How Cloud Pricing Solves Traditional IT Cost Issues 
@@ -160,11 +160,11 @@ AWS follows three fundamental pricing principles based on the pay-as-you-go pric ### Example Responsibilities for Different AWS Services -| **Service Type** | **AWS Responsibility** | **Customer Responsibility** | -|--------------------------|----------------------------------------------------------|---------------------------------------------------------------------| -| **IaaS (e.g., EC2)** | Securing physical infrastructure, hypervisor, and network. | Configure and secure OS, patch management, data, and network settings. | -| **PaaS (e.g., RDS)** | Managing the database engine, backups, and patching. | Secure data at rest and in transit, manage DB access, and IAM roles. | -| **SaaS (e.g., S3)** | Protecting the service's underlying infrastructure. | Manage permissions, bucket policies, and data lifecycle rules. | +| **Service Type** | **AWS Responsibility** | **Customer Responsibility** | +| -------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------- | +| **IaaS (e.g., EC2)** | Securing physical infrastructure, hypervisor, and network. | Configure and secure OS, patch management, data, and network settings. | +| **PaaS (e.g., RDS)** | Managing the database engine, backups, and patching. | Secure data at rest and in transit, manage DB access, and IAM roles. | +| **SaaS (e.g., S3)** | Protecting the service's underlying infrastructure. | Manage permissions, bucket policies, and data lifecycle rules. | ### Summary diff --git a/sections/ec2.md b/sections/ec2.md new file mode 100644 index 0000000..8a7da8e --- /dev/null +++ b/sections/ec2.md 
@@ -0,0 +1,358 @@ +# EC2: Virtual Machines + +- [EC2: Virtual Machines](#ec2-virtual-machines) + - [What is Amazon EC2?](#what-is-amazon-ec2) + - [EC2 Sizing \& Configuration Options](#ec2-sizing--configuration-options) + - [EC2 User Data](#ec2-user-data) + - [EC2 Instance Types - Overview](#ec2-instance-types---overview) + - [General Purpose Instances](#general-purpose-instances) + - [Compute Optimized Instances](#compute-optimized-instances) + - [Memory Optimized Instances](#memory-optimized-instances) + - [Storage Optimized Instances](#storage-optimized-instances) + - [EC2 Instance Types: Example](#ec2-instance-types-example) + - [Introduction to Security Groups](#introduction-to-security-groups) + - [Common Use Cases](#common-use-cases) + - [Deeper Dive](#deeper-dive) + - [Security Groups Diagram](#security-groups-diagram) + - [Examples of Security Group Rules](#examples-of-security-group-rules) + - [Good to Know](#good-to-know) + - [Classic Ports to Know](#classic-ports-to-know) + - [EC2 Instance Launch Types](#ec2-instance-launch-types) + - [On Demand Instance](#on-demand-instance) + - [Reserved Instances](#reserved-instances) + - [Savings Plans](#savings-plans) + - [Spot Instances](#spot-instances) + - [Dedicated Hosts](#dedicated-hosts) + - [Dedicated Instances](#dedicated-instances) + - [Capacity Reservations](#capacity-reservations) + - [EC2 Instance Launch Types Comparison](#ec2-instance-launch-types-comparison) + - [Which purchasing option is right for my use case?](#which-purchasing-option-is-right-for-my-use-case) + - [Price Comparison Example – m4.large – us-east-1](#price-comparison-example--m4large--us-east-1) + - [Shared Responsibility Model for EC2](#shared-responsibility-model-for-ec2) + - [EC2 Section – Summary](#ec2-section--summary) + +## What is Amazon EC2? + +- **Amazon Elastic Compute Cloud (EC2)** is a scalable compute service that allows users to rent virtual servers in the cloud. 
+- It provides flexibility to scale compute resources up or down based on demand, offering a cost-effective solution for applications with variable workloads. +- Key features include: + - **On-Demand Instances**: Pay for compute capacity by the hour or second, with no long-term commitments. + - **Reserved Instances**: Make a one-time payment for a significant discount on instance usage over a one- or three-year term. + - **Spot Instances**: Bid for unused EC2 capacity at a potentially lower price, allowing cost savings for flexible workloads. + +### EC2 Sizing & Configuration Options + +- EC2 allows for customized sizing and configurations, which include: + - **Instance Type**: Selecting the appropriate type based on the application's performance requirements. + - **Storage Options**: Using Amazon EBS for persistent block storage or instance store for temporary storage. + - **Networking**: Configuring VPCs, subnets, and security groups to control access and manage traffic. + - **Elastic Load Balancing**: Distributing incoming traffic across multiple EC2 instances to enhance availability and fault tolerance. + - **Auto Scaling**: Automatically adjusting the number of instances based on demand, ensuring the application has the necessary resources. + +### EC2 User Data + +- **User data** is a powerful feature for automating the setup of EC2 instances. +- It can be specified at instance launch and is executed on the instance when it first boots. +- bootstrapping means launching commands when a machine starts +- That script is **only run once** at the instance **first start** +- **Common use cases include**: + - Installing software packages (e.g., `yum install httpd -y` for Apache). + - Downloading configuration files or scripts from Amazon S3. + - Configuring system settings and services (e.g., starting an application server). 
+ +### EC2 Instance Types - Overview + +Amazon EC2 offers a variety of instance types, each designed to meet specific application requirements.() + +#### General Purpose Instances + +- General purpose instances provide a balanced mix of compute, memory, and network resources. +- They are suitable for a variety of workloads and can handle different application types effectively. +- **Use Cases**: + - Web servers and applications + - Small to medium-sized databases + - Development and testing environments + - Enterprise applications + +| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** | +| ----------------- | --------- | ---------------- | ----------------------- | ----------- | +| **t4g.micro** | 2 | 1 | Up to 5 Gigabit | EBS only | +| **t3.micro** | 2 | 1 | Up to 5 Gigabit | EBS only | +| **m5.large** | 2 | 8 | Up to 10 Gigabit | EBS only | +| **m5.xlarge** | 4 | 16 | Up to 10 Gigabit | EBS only | + +#### Compute Optimized Instances + +- Compute optimized instances are designed for applications that require high-performance processors and are well-suited for compute-intensive workloads. +- **Use Cases**: + - High-performance web servers + - Batch processing + - Data analytics + - Machine learning inference + +| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** | +| ----------------- | --------- | ---------------- | ----------------------- | ----------- | +| **c5.large** | 2 | 4 | Up to 10 Gigabit | EBS only | +| **c5.xlarge** | 4 | 8 | Up to 10 Gigabit | EBS only | +| **c5.2xlarge** | 8 | 16 | Up to 10 Gigabit | EBS only | +| **c5n.9xlarge** | 36 | 96 | 10 Gigabit | EBS only | + +#### Memory Optimized Instances + +- Memory optimized instances provide high memory bandwidth and are optimized for applications that require large amounts of memory. 
+- **Use Cases**: + - High-performance databases (e.g., SAP HANA) + - In-memory caches (e.g., Redis, Memcached) + - Real-time big data analytics + - Data mining applications + +| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** | +| ----------------- | --------- | ---------------- | ----------------------- | ----------- | +| **r5.large** | 2 | 16 | Up to 10 Gigabit | EBS only | +| **r5.xlarge** | 4 | 32 | Up to 10 Gigabit | EBS only | +| **r5.4xlarge** | 16 | 128 | Up to 10 Gigabit | EBS only | +| **r5b.12xlarge** | 48 | 384 | 10 Gigabit | EBS only | + +#### Storage Optimized Instances + +- Storage optimized instances are designed for applications that require high, sequential read and write access to large datasets. +- **Use Cases**: + - Data warehousing applications + - Hadoop distributed computing + - High-frequency trading applications + - NoSQL databases (e.g., Cassandra) + +| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** | +| ----------------- | --------- | ---------------- | ----------------------- | ------------------- | +| **i3.large** | 2 | 15 | Up to 10 Gigabit | 1 x 475 GB NVMe SSD | +| **i3.xlarge** | 4 | 30 | Up to 10 Gigabit | 1 x 950 GB NVMe SSD | +| **i3.2xlarge** | 8 | 61 | Up to 10 Gigabit | 1 x 1.9 TB NVMe SSD | +| **d2.8xlarge** | 36 | 244 | Up to 10 Gigabit | 12 x 2 TB HDD | + +### EC2 Instance Types: Example + +Here's a quick overview of some example instance types in each category, along with their characteristics: + +| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Storage** | **Use Case** | +| ----------------- | --------- | ---------------- | ------------------- | -------------------------------------------------------------------------------------------------------------------------- | +| **t3.micro** | 2 | 1 | EBS only | General-purpose applications with burstable performance; suitable for low-traffic web servers or development environments. 
| +| **c5.large** | 2 | 4 | EBS only | Compute-intensive applications like gaming, web servers, and machine learning inference. | +| **m5.xlarge** | 4 | 16 | EBS only | Balanced workloads, such as small databases and caching fleets. Ideal for web applications. | +| **r5.xlarge** | 4 | 32 | EBS only | Memory-intensive applications such as databases, in-memory caches, and analytics workloads. | +| **i3.2xlarge** | 8 | 61 | 1 x 2.5 TB NVMe SSD | Storage-intensive applications like NoSQL databases, data warehousing, and big data analytics. | +| **p3.2xlarge** | 8 | 61 | EBS only | GPU-accelerated computing for machine learning, high-performance computing (HPC), and graphics-intensive applications. | + +t2.micro is part of the AWS free tier (up to 750 hours per month) + +## Introduction to Security Groups + +- **Security Groups** are **virtual firewalls** that control inbound and outbound traffic to Amazon EC2 instances. +- They act at the instance level, not the subnet level, and provide a way to manage access to resources within a VPC (Virtual Private Cloud). +- Security groups can be associated with multiple instances and can be modified at any time, allowing for flexible management of network access. +- **Key Features**: + - By default, all inbound traffic is denied, and all outbound traffic is allowed. + - You can specify rules based on protocol (TCP, UDP, ICMP), port number, and source IP address or CIDR block. + +### Common Use Cases + +- Restricting access to an application server (allowing only specific IPs). +- Allowing traffic from specific ports (e.g., HTTP/HTTPS). +- Isolating database instances from public access. + +## Deeper Dive + +- **Inbound Rules**: Define the traffic allowed into your instances. +- **Outbound Rules**: Define the traffic allowed out from your instances. +- Each rule includes: + - **Type**: The protocol used (e.g., HTTP, SSH). + - **Protocol**: The protocol number (TCP = 6, UDP = 17). 
+ - **Port Range**: The port(s) affected by the rule. + - **Source/Destination**: The IP address or CIDR range from which traffic is allowed. + +### Security Groups Diagram + +![Security Groups Diagram](../images/Security_Groups_Diagram.png) + +### Examples of Security Group Rules + +| **Rule Type** | **Protocol** | **Port Range** | **Source/Destination** | +| ------------- | ------------ | -------------- | --------------------------- | +| Inbound Rule | TCP | 22 | 203.0.113.0/24 (SSH Access) | +| Inbound Rule | TCP | 80 | 0.0.0.0/0 (HTTP Access) | +| Outbound Rule | All Traffic | All | 0.0.0.0/0 | + +### Good to Know + +- **Limits**: Each security group can have up to 60 inbound and 60 outbound rules by default (this limit can be increased by requesting through AWS Support). +- **Default Security Group**: When you create a VPC, a default security group is automatically created, which allows all outbound traffic and denies all inbound traffic by default. +- **Multiple Security Groups**: You can assign multiple security groups to a single EC2 instance, enabling fine-grained control over traffic. +- **Security Best Practices**: + - Apply the principle of least privilege (only allow necessary traffic). + - Regularly review and audit security group rules. + - Use descriptive names and tags for easy management. + +## Classic Ports to Know + +| **Port Number** | **Protocol** | **Service** | **Description** | +| --------------- | ------------ | ------------------- | --------------------------------------------------------------------------------------------------- | +| 20 | TCP | FTP (Data Transfer) | Used for transferring files over FTP. | +| 21 | TCP | FTP (Control) | Used for controlling file transfer sessions. | +| 22 | TCP | SSH | Secure Shell for secure logins and command execution. | +| 80 | TCP | HTTP | Hypertext Transfer Protocol for web traffic. | +| 443 | TCP | HTTPS | Secure HTTP for secure web traffic. 
| +| 3389 | TCP | RDP | Used for Remote Desktop Protocol, allowing users to connect to and control remote Windows machines. | + +## EC2 Instance Launch Types + +- [**On Demand Instances**](#on-demand-instance): short workload, predictable pricing +- [**Reserved**](#reserved-instances): (1 & 3 years) + - **Reserved Instances**: long workloads + - **Convertible Reserved Instances**: long workloads with flexible instances +- [**Savings Plans**](#savings-plans) (1 & 3 years): commitment to an amount of usage, long workload +- [**Spot Instances**](#spot-instances): short workloads, for cheap, can lose instances +- [**Dedicated Instances**](#dedicated-instances): no other customers will share your hardware +- [**Dedicated Hosts**](#dedicated-hosts): book an entire physical server, control instance placement +- [**Capacity Reservations**](#capacity-reservations): reserve capacity in a specific AZ for any duration + +### On Demand Instance + +- Pay for what you use: + - Linux or Windows - billing per second, after the first minute + - All other operating systems - billing per hour +- Has the highest cost but no upfront payment +- No long-term commitment +- Recommended for **short-term** and **un-interrupted workloads**, where you can't predict how the application will behave + +### Reserved Instances + +- Up to 72% discount compared to On-demand +- You reserve a specific instance attributes (Instance Type, Region, Tenancy, OS) +- Reservation Period – 1 year (+discount) or 3 years (+++discount) +- Payment Options – No Upfront (+), Partial Upfront (++), All Upfront (+++) +- Reserved Instance’s Scope – Regional or Zonal (reserve capacity in an AZ) +- Recommended for steady-state usage applications (think database) +- You can buy and sell in the Reserved Instance Marketplace + +- Convertible Reserved Instance + - Can change the EC2 instance type, instance family, OS, scope and tenancy + - Up to 66% discount + +### Savings Plans + +- Get a discount based on long-term usage (up 
to 72% - same as RIs) +- Commit to a certain type of usage ($10/hour for 1 or 3 years) +- Usage beyond EC2 Savings Plans is billed at the On-Demand price + +- Locked to a specific instance family & AWS region (e.g., M5 in us-east-1) +- Flexible across: + - Instance Size (e.g., m5.xlarge, m5.2xlarge) + - OS (e.g., Linux, Windows) + - Tenancy (Host, Dedicated, Default) + +### Spot Instances + +- Can get a discount of up to 90% compared to On-demand +- Instances that you can “lose” at any point of time if your max price is less than the current spot price +- The MOST cost-efficient instances in AWS +- Useful for workloads that are resilient to failure + - Batch jobs + - Data analysis + - Image processing + - Any distributed workloads + - Workloads with a flexible start and end time +- Not suitable for critical jobs or databases + +### Dedicated Hosts + +- A physical server with EC2 instance capacity fully dedicated to your use +- Allows you to address compliance requirements and use your existing server- bound software licenses (per-socket, per-core, pe—VM software licenses) +- Purchasing Options: + - On-demand – pay per second for active Dedicated Host + - Reserved - 1 or 3 years (No Upfront, Partial Upfront, All Upfront) +- The most expensive option +- Useful for software that have complicated licensing model (BYOL – Bring Your Own License) +- Or for companies that have strong regulatory or compliance needs + +### Dedicated Instances + +- Instances run on hardware that’s dedicated to you +- May share hardware with other instances in same account +- No control over instance placement (can move hardware after Stop / Start) + +### Capacity Reservations + +- Reserve On-Demand instances capacity in a specific AZ for any duration +- You always have access to EC2 capacity when you need it +- No time commitment (create/cancel anytime), no billing discounts +- Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts +- You’re charged at 
On-Demand rate whether you run instances or not +- Suitable for short-term, uninterrupted workloads that needs to be in a specific AZ + +### EC2 Instance Launch Types Comparison + +| **Launch Type** | **Cost Structure** | **Payment Options** | **Commitment** | **Use Case** | **Flexibility** | +| ------------------------- | ----------------------------------------------------------------------------------- | ------------------------------------------------------ | ----------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------------------ | +| **On-Demand Instances** | - Linux/Windows: per second after the first minute
- Other OS: billed per hour | No upfront payment | No long-term commitment | Short-term and unpredictable workloads | High flexibility; can start/stop anytime | +| **Reserved Instances** | Up to 72% discount compared to On-Demand | - No Upfront
- Partial Upfront
- All Upfront | 1 year or 3 years | Steady-state applications (e.g., databases) | Reserved capacity in a specific region or AZ | +| **Savings Plans** | Up to 72% discount based on long-term usage | Commit to a certain usage amount | 1 year or 3 years | Applications with predictable usage patterns | Flexible across instance size, OS, and tenancy | +| **Spot Instances** | Discount up to 90% compared to On-Demand | Pay the Spot price | No commitment required | Cost-sensitive, resilient workloads (e.g., batch jobs) | Instances can be terminated anytime if spot price exceeds your max price | +| **Dedicated Hosts** | Most expensive; pay per second for active host | - On-Demand
- Reserved (1 or 3 years) | Long-term commitment possible | Compliance-heavy applications or complex licensing models | Full control over server; ideal for BYOL scenarios | +| **Dedicated Instances** | Higher than shared instances; not the most expensive | On-Demand pricing | No long-term commitment | Workloads needing dedicated hardware but can share resources | Limited control over instance placement | +| **Capacity Reservations** | Billed at On-Demand rates regardless of instance running | No upfront payment | No time commitment | Ensures EC2 capacity availability in a specific AZ | Can create/cancel anytime; no discounts on billing | + +## Which purchasing option is right for my use case? + +- **On-Demand Instances**: + - Staying at a resort whenever we want and paying the full price for each night. + - Ideal for a startup running a web application with unpredictable traffic spikes. +- **Reserved Instances**: + - Planning a long vacation in advance, allowing us to get a significant discount for booking ahead. + - Best for a company operating a database server that requires constant uptime for a year. +- **Savings Plans**: + - Committing to a set amount per hour for a specified duration while enjoying any room type + - Suitable for a SaaS provider that anticipates steady usage of compute resources over three years. +- **Spot Instances**: + - Bidding for available rooms; the highest bidder secures the room, but they can be asked to leave at any moment. + - Perfect for a research team processing large data sets where jobs can be paused and resumed. +- **Dedicated Hosts**: + - Renting an entire wing of the resort exclusively for ourselves. + - Appropriate for a financial institution needing to comply with strict regulatory requirements and using custom software licenses. +- **Dedicated Instances**: + - Having a private room that's solely ours but sharing some amenities with other guests. 
+ - Great for a business running non-critical applications that need some level of hardware isolation. +- **Capacity Reservations**: + - Booking a room for a set period at full price, even if we don’t end up using it. + - Useful for an enterprise ensuring EC2 capacity for a new product launch in a specific availability zone. + +## Price Comparison Example – m4.large – us-east-1 + +| **Launch Type** | **Hourly Price** | **Monthly Price (Approx.)** | **Notes** | +| ------------------------- | ------------------------------------ | --------------------------- | ---------------------------------------------------------------- | +| **On-Demand Instance** | $0.096 per hour | $69.12 | Pay-as-you-go pricing. Ideal for short-term usage. | +| **Reserved Instances** | $0.054 per hour (1-year term) | $39.24 | Commit to one year for a significant discount. | +| **Savings Plans** | $0.058 per hour (1-year term) | $41.76 | Flexible savings plan applicable to any instance type. | +| **Spot Instances** | $0.028 per hour (varies with demand) | $20.16 | Pricing varies; can be interrupted. Best for flexible workloads. | +| **Dedicated Hosts** | $0.12 per hour (per host) | $86.40 | Dedicated physical server; pricing per host. | +| **Dedicated Instances** | $0.096 per hour | $69.12 | Similar to on-demand but on dedicated hardware. | +| **Capacity Reservations** | $0.096 per hour | $69.12 | Reserved capacity at on-demand pricing. | + +## Shared Responsibility Model for EC2 + +| **Responsibility** | **AWS Responsibilities** | **User Responsibilities** | +| --------------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | +| **Infrastructure Security** | The security of the underlying infrastructure, including hardware, software, networking, and facilities. | Securing the EC2 instances, including operating systems and applications. 
| +| **Physical Security** | Ensures physical security of data centers where EC2 instances run. | N/A | +| **Network Security** | Implements security measures for the network, including firewalls and DDoS protection. | Configuring security groups, network ACLs, and VPC settings. | +| **Data Protection** | Provides encryption options for data at rest and in transit. | Managing data encryption and access control. | +| **Access Management** | Offers IAM services to manage access to AWS resources. | Configuring IAM users, roles, and policies for access management. | +| **Compliance** | Complies with various compliance standards and certifications for infrastructure. | Compliance related to the applications and data hosted on EC2 instances. | +| **Patch Management** | Provides a secure and up-to-date infrastructure. | Applying patches and updates to the operating system and applications. | + +## EC2 Section – Summary + +- EC2 Instance: AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data +- Security Groups: Firewall attached to the EC2 instance +- EC2 User Data: Script launched at the first start of an instance +- SSH: start a terminal into our EC2 Instances (port 22) +- EC2 Instance Role: link to IAM roles +- Purchasing Options: On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance
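Review bot: the README hunk's topic list does not match the headings actually added in sections/ec2.md: "Which purchasing option is right for me?" is titled "Which purchasing option is right for my use case?" in the file, and "Classic Ports to know" is "Classic Ports to Know". Since the other README entries mirror their section headings verbatim, align these two so readers searching for the heading text find it.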
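Review bot: the four sections/cloud_computing.md hunks (@@ -34, @@ -66, @@ -85, @@ -160) are column-alignment changes only; every `-`/`+` pair carries identical cell text. Consider landing the table re-alignment as its own commit so the EC2 addition in this patch can be reviewed without 40 lines of whitespace noise, and so the commit message ("Add EC2 Notes") describes everything the commit does.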
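Review bot: the new sections/ec2.md hunk contradicts itself in several places and should be reconciled before merge. i3.2xlarge is "1 x 1.9 TB NVMe SSD" in the Storage Optimized table but "1 x 2.5 TB NVMe SSD" in the Example table; "Reserved Instances: Make a one-time payment" under What is Amazon EC2? conflicts with the No Upfront and Partial Upfront options listed under Reserved Instances; "Spot Instances: Bid for unused EC2 capacity" conflicts with the max-price wording used later; the Savings Plans section says the plan is "Locked to a specific instance family & AWS region" while the price table calls it "applicable to any instance type" (the first describes an EC2 Instance Savings Plan, the second a Compute Savings Plan); and the Reserved Instances monthly figure does not follow from its hourly rate (0.054 × 720 h = 38.88, not 39.24) although every other row is hourly × 720. Structurally, "## Deeper Dive" is a level-2 heading even though the TOC nests it under Introduction to Security Groups next to "### Common Use Cases", and the summary's "Reserved (Standard + Convertible + Scheduled)" introduces a Scheduled variant that appears nowhere else in the section. Typos: a stray "()" after "specific application requirements", "server- bound" and "pe—VM" (per-VM) under Dedicated Hosts, "a specific instance attributes", and "workloads that needs". On the security-group content, the rule fields list only "IP address or CIDR range" as a source, yet the "Isolating database instances from public access" use case is normally expressed by referencing another security group ID as the source, so that option belongs in the Source/Destination bullet; the Good to Know claim that the VPC default security group "denies all inbound traffic by default" is inaccurate, since that group allows inbound traffic from members of the same group, which is exactly the kind of implicit access a least-privilege review should catch; and the section never says security groups are stateful (return traffic for an allowed inbound connection is permitted regardless of outbound rules), which is the main thing that distinguishes them from network ACLs. Finally, the EC2 User Data section should warn that the script is retrievable from the instance metadata by any process on the instance, so it must not carry credentials or keys.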